Friday, October 16, 2020 [Tweets] [Favorites]

Avoiding AppleScript Security and Privacy Requests

Armin Briegel:

Since macOS Mojave, the Security and Privacy controls restricts sending and receiving AppleEvents. A given process can only send events to a different process with user approval. Users can manage the inter-application approvals in the Privacy tab of the Security & Privacy preference pane.

I ran into another case today where macOS failed to auto-add a checkbox under Automation so that the user could approve communication between two apps. There remains no way to manually add an app to give it permission. The only solution seems be to reset the privacy database and hope that macOS will add the checkbox the next time the app tries to communicate.

Over time, even though the underlying problem with hidden dialog has been fixed, this practice has persisted. You often even see AppleScript code use this with commands other than user interaction, where it wouldn’t have made sense in the first place. With the privacy restrictions in macOS Mojave, this practice has become actively trouble some, as you are sending the display dialog (or other) command to a separate process. The process running this script will require approval to send events to “System Events.”

[…]

Even after you have considered the above options to avoid sending AppleEvents to another process, there will still be several situations where it is necessary. […] MacAdmins can pre-approve AppleEvents (and most other privacy areas) between certain processes with a Privacy Preferences Policy Control (PPPC) configuration profile. PPPC profiles can only be managed when pushed from a user-approved or automatically enrolled MDM.

Previously:

Comments

Stay up-to-date by subscribing to the Comments RSS Feed for this post.

Leave a Comment